How to secure your political campaign in a hack-heavy world

Politicians sometimes face an adversary other than opposing candidates: They have to worry about hackers, too.

From the DNC hacks and Russian cyber meddling during the U.S. presidential campaign, to the recent dump of hacked documents the day before the French presidential election, hackers are increasingly targeting public officials.

Derek Parham, who was deputy chief technology officer of Hillary Clinton's campaign, knows a lot about campaign security -- and the points of failure when protections aren't employed.

"It's very obvious what happens when you don't take security seriously," Parham said.

The good news: Parham says most campaigns can achieve a decent level of security by taking very basic measures. The key is to begin at the very start of a campaign -- an especially important lesson as more first-time candidates organize grassroots campaigns. More than 12,000 women have signed up to run for office since the U.S. election, according to progressive organization Emily's List.

Separate work and life

The most important thing, Parham said, is that anyone associated with the campaign keeps personal and professional accounts separate. No campaign business should be discussed through personal emails.

In one high-profile example, Clinton campaign chairman John Podesta was a victim of a personal email attack. Hackers sent a message posing as Google to his personal email address, then accessed and distributed communications that dated back years.

Phishing is a common tactic used to try to hack people by posing as a trustworthy entity to steal passwords and other information. Users should not click on links that look suspicious or are sent from senders they don't recognize.

Use secure third-party apps

"If you keep things simple and standard, you'll be much better off," Parham said. When it comes to campaigns, that means using "common third-party software with all of their security settings activated."

Opt for popular apps that have entire teams dedicated to security. Google (GOOG), for instance, offers a suite of business apps that campaigns can use for email, shared documents and calendars. Slack, a chat app for large groups, is also popular for communications.

Enable strong passwords and two-factor authentication

Account managers should enable security features on campaign accounts by default, before email addresses are assigned to individuals. Users should also have strong, unique passwords for every account.

Two-factor authentication is a layer of security on top of a password, so even if the password is compromised, hackers would need a second code (usually texted to a person's phone) to gain access. This should be enabled on personal accounts, too, as it offers strong protection against phishing.

Administrators can require the whole team to use two-factor authentication for accounts like email and Slack chat.

Use encrypted communications

Encrypted chat apps prevent anyone from intercepting and snooping on your communications. The Clinton campaign used Signal, an end-to-end encrypted messenger that has become popular since the election. WhatsApp, owned by Facebook (FB), is also an encrypted chat option.

The weak human link

According to security educator Jessy Irwin, it's human error that can often lead to information breaches.

"The weakest points in campaign security tend to be around some of the most public-facing aspects of a campaign," Irwin told CNNTech. Social media volunteers and communications staffers reuse passwords, and don't enable two-factor authentication, she said.

"They also don't always know that they should avoid clicking every link that comes through Twitter (TWTR) [direct messages] or public messages."

To help combat breaches, Irwin suggests making sure individuals don't have too much access to important documents. For instance, don't share campaign budgets with low-level volunteers.

"That would be a perfect opening for someone in a rival campaign to come in and take everything," she said.